Bootstrapping Ethics by Rupert Evill

Author:Rupert Evill [Evill, Rupert]
Language: eng
Format: epub
ISBN: 9781119874911
Publisher: Wiley
Published: 2022-12-27T00:00:00+00:00

Security and HSE (Health, Safety & Environment)

Security alone, let alone when coupled with HSE, is worthy of a book (or 20) on its own. My job here is not to break down what you need to do in each area but to explain where they interface with integrity risks and what lessons we can learn.

Security

Integrity issues bleed into security problems in many of the markets I work. Extortive requests – usually from public officials – often carry the threat of harm (or at least denial of liberty). Business partners (or employees) retaliate (physically or in the virtual realm) when you end relationships. Non-state actors (including armed militias and terrorists) demand revolutionary taxes or else. State-sponsored criminals use social engineering and weaknesses in your information security to steal, collude, violate data laws, and more. Regulatory authorities strong-arm your employees during dawn raids, taking data and equipment they shouldn't. I'll leave that happy list there for now, but you get the point.

What's the solution? Pretty simple, thankfully: ensure your risk assessment includes contingency planning and scenarios for high-stakes decisions. For example, if you know a particular government stakeholder (often the police or military) likes to detain or threaten your colleagues, work with security on ways to manage, mitigate, avoid, or transfer that risk. Good security risk management is intelligence-led, and we in ethics and compliance can learn much from this approach. Understand who's who in your neighbourhood and then consider the threat they may pose. The easiest way to calibrate a threat is to consider intention and capability. Past actions by critical stakeholders will often give clues as to their intention – for police officers, armed groups, or state-sponsored spies; this isn't their first rodeo. We tend to overstate capability and assume threats to be credible. While this caution is generally wise, do test those assumptions, remembering that everything these antagonists are doing is probably illegal under their laws!

Work with security to train your people properly. Few of us instinctively respond well to threats of harm or detention. Hostile environment training, crisis management simulations, and dawn raid protocols will be staples in a good security team. If you don't have one, this is an area to have a phone-a-friend capacity (a security consultant you can access immediately). Some insurance policies now offer this, especially for cyber incidents.

If you think I'm exaggerating this risk, speak to your colleagues in frontline markets. I remember working with an American company in Malaysia. They discovered a collusive relationship between employees and suppliers (a long-running fraud). The company duly fired those involved. The following day the local manager who had managed the dismissals was attacked with a Parang (a large knife), and the wife of the American country manager was beaten savagely outside their children's school. Conservatively, I've observed a security component to compliance issues in approximately 40% of the investigations I've worked on across Southeast Asia (the percentage is consistent with prior experience in other regions).

Security professionals are (typically) good at thinking in scenarios and percentages.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.